Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Controlling directory harvest attacks
Controlling directory harvest attacks
Administrator Help | Forcepoint Email Security | Version 8.5.x
A directory harvest attack is used by questionable sources to gain access to an organization's internal email accounts. A directory attack not only consumes large amounts of system resource but also, through the acquisition of email accounts, creates spam problems for email end users. With directory attack prevention settings, you can limit the maximum number of messages and connections coming from an IP address over a given time period. These settings are configured on the page Settings > Inbound/Outbound > Directory Attacks.
Configure directory attack control
1.
Navigate to the page Settings > Inbound/Outbound > Directory Attacks.
2.
Enable the directory harvest attack prevention function; mark the check box Limit the number of messages/connections per IP every.
3.
From the pull-down menu, set the time period, from 1 second to 60 minutes.
The default is 60 seconds.
4.
Set the maximum number of messages allowed from an individual IP address during the specified time period.
The default is 30.
5.
Set the maximum number of connections allowed from an individual IP address during the specified time period.
The default is 30.
6.
If you have enabled the directory attack prevention option, you can also enable settings to block an IP address when a specific set of recipient conditions occurs; mark the check box Block the IP address for and enter the time interval during which to block an IP address.
The default is 3 hours.
7.
Enter the conditions for blocking the IP address:
*
Maximum number of message recipients
The default is 5.
*
Maximum percentage of invalid addresses among the recipients
The default is 50%.
When these recipient limitations are exceeded, the connection is dropped automatically.
This option is available only when the recipient validation option is used (see Adding user authentication settings).
8.
Click OK.
The settings are saved.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Controlling directory harvest attacks
Copyright 2022 Forcepoint. All rights reserved.